Important: glibc

Description

Issue Overview:

A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1781 __)

It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system. (CVE-2015-5277 __)

It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423 __)

A stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1473 __)

A heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472 __)

All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please mail to content@vulners.com Vulners, 2017

{"result": {"cve": [{"id": "CVE-2015-5277", "type": "cve", "title": "CVE-2015-5277", "description": "The get_contents function in nss_files/files-XXX.c in the Name Service Switch (NSS) in GNU C Library (aka glibc or libc6) before 2.20 might allow local users to cause a denial of service (heap corruption) or gain privileges via a long line in the NSS files database.", "published": "2015-12-17T14:59:02", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-5277", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-07-01T10:43:29"}, {"id": "CVE-2015-1473", "type": "cve", "title": "CVE-2015-1473", "description": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during a risk-management decision for use of the alloca function, which might allow context-dependent attackers to cause a denial of service (segmentation violation) or overwrite memory locations beyond the stack boundary via a long line containing wide characters that are improperly handled in a wscanf call.", "published": "2015-04-08T06:59:03", "cvss": {"score": 6.4, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1473", "cvelist": ["CVE-2015-1473"], "lastseen": "2017-04-18T15:56:07"}, {"id": "CVE-2015-1472", "type": "cve", "title": "CVE-2015-1472", "description": "The ADDW macro in stdio-common/vfscanf.c in the GNU C Library (aka glibc or libc6) before 2.21 does not properly consider data-type size during memory allocation, which allows context-dependent attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a long line containing wide characters that are improperly handled in a wscanf call.", "published": "2015-04-08T06:59:02", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1472", "cvelist": ["CVE-2015-1472"], "lastseen": "2018-01-19T11:59:06"}, {"id": "CVE-2015-1781", "type": "cve", "title": "CVE-2015-1781", "description": "Buffer overflow in the gethostbyname_r and other unspecified NSS functions in the GNU C Library (aka glibc or libc6) before 2.22 allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response, which triggers a call with a misaligned buffer.", "published": "2015-09-28T16:59:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-1781", "cvelist": ["CVE-2015-1781"], "lastseen": "2017-04-18T15:56:14"}, {"id": "CVE-2013-7423", "type": "cve", "title": "CVE-2013-7423", "description": "The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.", "published": "2015-02-24T10:59:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-7423", "cvelist": ["CVE-2013-7423"], "lastseen": "2018-01-05T12:21:30"}], "nessus": [{"id": "REDHAT-RHSA-2015-2172.NASL", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2015:2172)", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents) in certain cases. A local attacker could potentially use this flaw to escalate their privileges. (CVE-2015-5277)\n\nThis issue was discovered by Sumit Bose and Lukas Slebodnik of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "published": "2015-11-20T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=86974", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-10-29T13:45:44"}, {"id": "ORACLELINUX_ELSA-2015-2172.NASL", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2015-2172)", "description": "From Red Hat Security Advisory 2015:2172 :\n\nUpdated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents) in certain cases. A local attacker could potentially use this flaw to escalate their privileges. (CVE-2015-5277)\n\nThis issue was discovered by Sumit Bose and Lukas Slebodnik of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "published": "2015-11-30T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87091", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-10-29T13:45:29"}, {"id": "SL_20151119_GLIBC_ON_SL7_X_IMPORTANT.NASL", "type": "nessus", "title": "Scientific Linux Security Update : glibc on SL7.x x86_64_important", "description": "It was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents) in certain cases. A local attacker could potentially use this flaw to escalate their privileges. (CVE-2015-5277)", "published": "2015-12-29T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87638", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-10-29T13:43:05"}, {"id": "CENTOS_RHSA-2015-2172.NASL", "type": "nessus", "title": "CentOS 7 : glibc (CESA-2015:2172)", "description": "Updated glibc packages that fix one security issue are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available from the CVE link in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents) in certain cases. A local attacker could potentially use this flaw to escalate their privileges. (CVE-2015-5277)\n\nThis issue was discovered by Sumit Bose and Lukas Slebodnik of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.", "published": "2015-12-02T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87139", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-10-29T13:41:41"}, {"id": "REDHAT-RHSA-2015-2589.NASL", "type": "nessus", "title": "RHEL 7 : glibc (RHSA-2015:2589)", "description": "Updated glibc packages that fix multiple security issues are now available for Red Hat Enterprise Linux 7.1 Extended Update Support.\n\nRed Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.\n(CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472, CVE-2015-1473)\n\nThe CVE-2015-5277 issue was discovered by Sumit Bose and Lukas Slebodnik of Red Hat, and the CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues.", "published": "2016-02-04T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=88573", "cvelist": ["CVE-2015-5277", "CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-10-29T13:34:46"}, {"id": "ALA_ALAS-2015-617.NASL", "type": "nessus", "title": "Amazon Linux AMI : glibc (ALAS-2015-617)", "description": "A buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nIt was discovered that the nss_files backend for the Name Service Switch in glibc would return incorrect data to applications or corrupt the heap (depending on adjacent heap contents). A local attacker could potentially use this flaw to execute arbitrary code on the system.\n(CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA stack overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1473)\n\nA heap-based buffer overflow flaw was found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472)", "published": "2015-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87343", "cvelist": ["CVE-2015-5277", "CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-10-29T13:34:24"}, {"id": "GENTOO_GLSA-201702-11.NASL", "type": "nessus", "title": "GLSA-201702-11 : GNU C Library: Multiple vulnerabilities", "description": "The remote host is affected by the vulnerability described in GLSA-201702-11 (GNU C Library: Multiple vulnerabilities)\n\n Multiple vulnerabilities have been discovered in the GNU C Library.\n Please review the CVE identifiers referenced below for details.\n Impact :\n\n A context-dependent attacker could possibly execute arbitrary code with the privileges of the process, disclose sensitive information, or cause a Denial of Service condition via multiple vectors.\n Workaround :\n\n There is no known workaround at this time.", "published": "2017-02-21T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=97254", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2016-3075", "CVE-2016-1234", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-9761"], "lastseen": "2017-10-29T13:35:41"}, {"id": "UBUNTU_USN-2985-2.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc regression (USN-2985-2)", "description": "USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for CVE-2014-9761 introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade.\nThis update removes the fix for CVE-2014-9761 and a future update will be provided to address this issue.\n\nWe apologize for the inconvenience.\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code.\n(CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily.\n(CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-05-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91341", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2017-10-29T13:45:22"}, {"id": "UBUNTU_USN-2985-1.NASL", "type": "nessus", "title": "Ubuntu 12.04 LTS / 14.04 LTS / 15.10 : eglibc, glibc vulnerabilities (USN-2985-1)", "description": "Martin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. (CVE-2013-2207, CVE-2016-2856)\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). (CVE-2014-8121)\n\nJoseph Myers discovered that the GNU C Library did not properly handle long arguments to functions returning a representation of Not a Number (NaN). An attacker could use this to cause a denial of service (stack exhaustion leading to an application crash) or possibly execute arbitrary code. (CVE-2014-9761)\n\nArjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2015-1781)\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. (CVE-2015-5277)\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. (CVE-2015-8776)\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. (CVE-2015-8777)\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2015-8778)\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code.\n(CVE-2015-8779)\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments.\nAn attacker could use to cause a denial of service (stack exhaustion leading to an application crash). (CVE-2016-3075).\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2016-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=91334", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2017-10-29T13:35:17"}, {"id": "ORACLELINUX_ELSA-2015-2199.NASL", "type": "nessus", "title": "Oracle Linux 7 : glibc (ELSA-2015-2199)", "description": "From Red Hat Security Advisory 2015:2199 :\n\nUpdated glibc packages that fix multiple security issues, several bugs, and add one enhancement are now available for Red Hat Enterprise Linux 7.\n\nRed Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section.\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the Name Server Caching Daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data.\n(CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application.\n(CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in glibc's swscanf() function. An attacker able to make an application call the swscanf() function could use these flaws to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was found in glibc's _IO_wstr_overflow() function. An attacker able to make an application call this function could use this flaw to crash that application or, potentially, execute arbitrary code with the permissions of the user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain malformed patterns. An attacker able to make an application call this function could use this flaw to crash that application.\n(BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one enhancement. Space precludes documenting all of these changes in this advisory. For information on the most significant of these changes, users are directed to the following article on the Red Hat Customer Portal :\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which contain backported patches to correct these issues and add these enhancements.", "published": "2015-11-30T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=87092", "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-10-29T13:38:15"}], "oraclelinux": [{"id": "ELSA-2015-2172", "type": "oraclelinux", "title": "glibc security update", "description": "[2.17-106.0.1.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-106.1]\n- Rebuild with corrected release.\n[2.17-106]\n- Add fix for CVE-2015-5277 (#1275920).", "published": "2015-11-25T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-2172.html", "cvelist": ["CVE-2015-5277"], "lastseen": "2016-09-04T11:15:59"}, {"id": "ELSA-2015-2199", "type": "oraclelinux", "title": "glibc security, bug fix, and enhancement update", "description": "[2.17-105.0.1]\n- Remove strstr and strcasestr implementations using sse4.2 instructions.\n- Upstream commits 584b18eb4df61ccd447db2dfe8c8a7901f8c8598 and\n 1818483b15d22016b0eae41d37ee91cc87b37510 backported.\n[2.17-105]\n- Fix up test case for initial-exec fix (#1248208).\n[2.17-104]\n- Mark all TLS variables in libc.so as initial-exec (#1248208).\n[2.17-103]\n- Apply correct fix for #1195672.\n[2.17-102]\n- Remove workaround for kernel netlink bug (#1089836).\n- Use only 32-bit instructions in optimized 32-bit POWER functions (#1240796).\n[2.17-101]\n- Correct the AArch64 ABI baseline for libpthread (#1234622).\n[2.17-100]\n- Prevent tst-rec-dlopen from intermittently failing in parallel\n builds due to a missing makefile dependency (#1225959).\n[2.17-99]\n- Increase AArch64 TLS descriptor performance (#1202952).\n[2.17-98]\n- Move arch-specific header files from glibc-headers to glibc-devel (#1230328).\n[2.17-97]\n- Rebase high-precision timing support for microbenchmark (#1214326).\n[2.17-96]\n- Rebase microbenchmarks from upstream for performance testing (#1214326)\n- Fix running microbenchmark script bench.pl from source (#1084395)\n[2.17-95]\n- Enable systemtap support for all architectures (#1225490).\n[2.17-94]\n- Fix ruserok API scalability issues (#1216246).\n[2.17-93]\n- Backport fixes and enhancements for ppc64 and ppc64le (#1162895).\n - Correct DT_PPC64_NUM in elf/elf.h.\n - Correct IBM long double frexpl.\n - Correct IBM long double nextafterl.\n[2.17-92]\n- Backport fixes for various security flaws (#1209107):\n - Prevent heap buffer overflow in swscanf (CVE-2015-1472, CVE-2015-1473,\n - Prevent integer overflow in _IO_wstr_overflow (#1195762).\n - Prevent potential denial of service in internal_fnmatch (#1197730).\n - Prevent buffer overflow in gethostbyname_r and related functions\n with misaligned buffer (CVE-2015-1781, #1199525).\n[2.17-91]\n- Allow more shared libraries with static TLS to be loaded (#1227699).\n[2.17-90]\n- Work around kernel netlink bug on some specialized hardware setup (#1089836).\n- Fix invalid file descriptor reuse when sending DNS query\n (CVE-2013-7423, #1194143).\n- Sync netinet/tcp.h with the kernel (#1219891).\n[2.17-89]\n- Avoid deadlock in malloc on backtrace (#1207032).\n- Actually test iconv modules (#1176906).\n- Use calloc to allocate xports (#1159169).\n- Return EAI_AGAIN for AF_UNSPEC when herrno is TRY_AGAIN (#1098042).\n[2.17-88]\n- Add librtkaio.abilist generated by make update-abi (#1173238).\n[2.18-87]\n- Enhance nscd inotify support (#1193797).\n[2.17-86]\n- Use NSS_STATUS_TRYAGAIN to indicate insufficient buffer (#1173537).\n[2.17-85]\n- Skip logging for DNSSEC responses (#1186620).\n- Also apply the RHEL6.7 Makerules patch (#1189278).\n[2.17-84]\n- Initialize nscd stats data (#1183456).\n[2.17-83]\n- Resize DTV if the current DTV isn't big enough (#1189278).\n[2.17-82]\n- Backport an alternate implementation of strstr and strcasestr for\n x86 that doesn't use the stack for temporaries requiring 16-byte\n alignment (#1150282).\n[2.17-81]\n- Fix recursive dlopen() (#1165212).\n- Correctly size profiling reloc table (#1144133).\n[2.17-80]\n- Work around a suspected gcc 4.8 bug (#1064066).\n[2.17-79]\n- Restructure spec file to unconditionally apply ppc64le support (#1182355).\n- Fix test failure in test-ildoubl on ppc64 (#1186491).", "published": "2015-11-24T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-2199.html", "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2016-09-04T11:16:40"}, {"id": "ELSA-2015-0863", "type": "oraclelinux", "title": "glibc security and bug fix update", "description": "[2.12-1.149.7]\n- Fix invalid file descriptor reuse while sending DNS query\n (#1207995, CVE-2013-7423).\n- Fix buffer overflow in gethostbyname_r with misaligned buffer\n (#1209375, CVE-2015-1781).\n[2.12-1.149.6]\n- Enhance nscd to detect any configuration file changes (#1194149).", "published": "2015-04-21T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://linux.oracle.com/errata/ELSA-2015-0863.html", "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2016-09-04T11:16:30"}], "redhat": [{"id": "RHSA-2015:2172", "type": "redhat", "title": "(RHSA-2015:2172) Important: glibc security update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in\nglibc would return incorrect data to applications or corrupt the heap\n(depending on adjacent heap contents) in certain cases. A local attacker\ncould potentially use this flaw to escalate their privileges.\n(CVE-2015-5277)\n\nThis issue was discovered by Sumit Bose and Luk\u00e1\u0161 Slebodn\u00edk of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.", "published": "2015-11-19T20:39:46", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2172", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-08-31T03:32:05"}, {"id": "RHSA-2015:2589", "type": "redhat", "title": "(RHSA-2015:2589) Important: glibc security update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in\nglibc would return incorrect data to applications or corrupt the heap\n(depending on adjacent heap contents). A local attacker could potentially\nuse this flaw to execute arbitrary code on the system. (CVE-2015-5277)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. (CVE-2015-1472, CVE-2015-1473)\n\nThe CVE-2015-5277 issue was discovered by Sumit Bose and Luk\u00e1\u0161 Slebodn\u00edk of\nRed Hat, and the CVE-2015-1781 issue was discovered by Arjun Shankar of Red\nHat.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.", "published": "2015-12-09T13:43:11", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2589", "cvelist": ["CVE-2015-5277", "CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2016-09-04T11:17:53"}, {"id": "RHSA-2015:2199", "type": "redhat", "title": "(RHSA-2015:2199) Moderate: glibc security, bug fix, and enhancement update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to make an\napplication call this function could use this flaw to crash that\napplication or, potentially, execute arbitrary code with the permissions of\nthe user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.", "published": "2015-11-19T19:39:58", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:2199", "cvelist": ["CVE-2013-7423", "CVE-2015-1472", "CVE-2015-1473", "CVE-2015-1781"], "lastseen": "2017-08-31T03:32:48"}, {"id": "RHSA-2015:0863", "type": "redhat", "title": "(RHSA-2015:0863) Moderate: glibc security and bug fix update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n", "published": "2015-04-21T04:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://access.redhat.com/errata/RHSA-2015:0863", "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-03-06T09:19:20"}, {"id": "RHSA-2016:1207", "type": "redhat", "title": "(RHSA-2016:1207) Moderate: glibc security update", "description": "The glibc packages provide the standard C libraries (libc), POSIX thread libraries (libpthread), standard math libraries (libm), and the name service cache daemon (nscd) used by multiple programs on the system. Without these libraries, the Linux system cannot function correctly.\n\nSecurity Fix(es):\n\n* It was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. (CVE-2013-7423)", "published": "2016-06-07T09:18:46", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://access.redhat.com/errata/RHSA-2016:1207", "cvelist": ["CVE-2013-7423"], "lastseen": "2016-09-04T11:18:01"}], "openvas": [{"id": "OPENVAS:1361412562310122790", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2172", "description": "Oracle Linux Local Security Checks ELSA-2015-2172", "published": "2015-11-27T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122790", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-07-24T12:52:45"}, {"id": "OPENVAS:1361412562310871484", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:2172-01", "description": "Check the version of glibc", "published": "2015-11-20T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871484", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-07-27T10:53:32"}, {"id": "OPENVAS:1361412562310871695", "type": "openvas", "title": "RedHat Update for glibc RHSA-2016:2573-02", "description": "Check the version of glibc", "published": "2016-11-04T00:00:00", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871695", "cvelist": ["CVE-2015-5277", "CVE-2016-3075", "CVE-2015-5229"], "lastseen": "2017-07-27T10:53:50"}, {"id": "OPENVAS:1361412562310120607", "type": "openvas", "title": "Amazon Linux Local Check: alas-2015-617", "description": "Amazon Linux Local Security Checks", "published": "2015-12-15T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310120607", "cvelist": ["CVE-2015-5277", "CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-07-24T12:53:57"}, {"id": "OPENVAS:1361412562310842773", "type": "openvas", "title": "Ubuntu Update for glibc USN-2985-1", "description": "Check the version of glibc", "published": "2016-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842773", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2017-12-04T11:25:46"}, {"id": "OPENVAS:1361412562310842775", "type": "openvas", "title": "Ubuntu Update for glibc USN-2985-2", "description": "Check the version of glibc", "published": "2016-05-27T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842775", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2017-12-04T11:25:30"}, {"id": "OPENVAS:1361412562310842104", "type": "openvas", "title": "Ubuntu Update for glibc USN-2519-1", "description": "Check the version of glibc", "published": "2015-02-27T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310842104", "cvelist": ["CVE-2014-9402", "CVE-2015-1473", "CVE-2015-1472", "CVE-2013-7423"], "lastseen": "2017-12-04T11:24:09"}, {"id": "OPENVAS:1361412562310871503", "type": "openvas", "title": "RedHat Update for glibc RHSA-2015:2199-07", "description": "Check the version of glibc", "published": "2015-11-20T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310871503", "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-07-27T10:52:06"}, {"id": "OPENVAS:1361412562310122787", "type": "openvas", "title": "Oracle Linux Local Check: ELSA-2015-2199", "description": "Oracle Linux Local Security Checks ELSA-2015-2199", "published": "2015-11-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310122787", "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-07-24T12:52:18"}, {"id": "OPENVAS:703169", "type": "openvas", "title": "Debian Security Advisory DSA 3169-1 (eglibc - security update)", "description": "Several vulnerabilities have been fixed\nin eglibc, Debian", "published": "2015-02-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703169", "cvelist": ["CVE-2014-4043", "CVE-2012-3404", "CVE-2014-9402", "CVE-2012-3405", "CVE-2015-1473", "CVE-2015-1472", "CVE-2012-3406", "CVE-2013-7424"], "lastseen": "2017-07-24T12:55:18"}], "centos": [{"id": "CESA-2015:2172", "type": "centos", "title": "glibc, nscd security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:2172\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system. Without\nthese libraries, the Linux system cannot function correctly.\n\nIt was discovered that the nss_files backend for the Name Service Switch in\nglibc would return incorrect data to applications or corrupt the heap\n(depending on adjacent heap contents) in certain cases. A local attacker\ncould potentially use this flaw to escalate their privileges.\n(CVE-2015-5277)\n\nThis issue was discovered by Sumit Bose and Luk\u00e1\u0161 Slebodn\u00edk of Red Hat.\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain a backported patch to correct this issue.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-December/002723.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2172.html", "published": "2015-12-01T22:24:31", "cvss": {"score": 7.2, "vector": "AV:LOCAL/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-December/002723.html", "cvelist": ["CVE-2015-5277"], "lastseen": "2017-10-03T18:25:41"}, {"id": "CESA-2015:2199", "type": "centos", "title": "glibc, nscd security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:2199\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name Server\nCaching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nA heap-based buffer overflow flaw and a stack overflow flaw were found in\nglibc's swscanf() function. An attacker able to make an application call\nthe swscanf() function could use these flaws to crash that application or,\npotentially, execute arbitrary code with the permissions of the user\nrunning the application. (CVE-2015-1472, CVE-2015-1473)\n\nAn integer overflow flaw, leading to a heap-based buffer overflow, was\nfound in glibc's _IO_wstr_overflow() function. An attacker able to make an\napplication call this function could use this flaw to crash that\napplication or, potentially, execute arbitrary code with the permissions of\nthe user running the application. (BZ#1195762)\n\nA flaw was found in the way glibc's fnmatch() function processed certain\nmalformed patterns. An attacker able to make an application call this\nfunction could use this flaw to crash that application. (BZ#1197730)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThese updated glibc packages also include numerous bug fixes and one\nenhancement. Space precludes documenting all of these changes in this\nadvisory. For information on the most significant of these changes, users\nare directed to the following article on the Red Hat Customer Portal:\n\nhttps://access.redhat.com/articles/2050743\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues and add these\nenhancements.\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-cr-announce/2015-November/002242.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-2199.html", "published": "2015-11-30T19:30:07", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-cr-announce/2015-November/002242.html", "cvelist": ["CVE-2015-1473", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-10-03T18:26:58"}, {"id": "CESA-2015:0863", "type": "centos", "title": "glibc, nscd security update", "description": "**CentOS Errata and Security Advisory** CESA-2015:0863\n\n\nThe glibc packages provide the standard C libraries (libc), POSIX thread\nlibraries (libpthread), standard math libraries (libm), and the Name\nServer Caching Daemon (nscd) used by multiple programs on the system.\nWithout these libraries, the Linux system cannot function correctly.\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and\nother related functions computed the size of a buffer when passed a\nmisaligned buffer as input. An attacker able to make an application call\nany of these functions with a misaligned buffer could use this flaw to\ncrash the application or, potentially, execute arbitrary code with the\npermissions of the user running the application. (CVE-2015-1781)\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo()\nfunction would send DNS queries to random file descriptors. An attacker\ncould potentially use this flaw to send DNS queries to unintended\nrecipients, resulting in information disclosure or data loss due to the\napplication encountering corrupted data. (CVE-2013-7423)\n\nThe CVE-2015-1781 issue was discovered by Arjun Shankar of Red Hat.\n\nThis update also fixes the following bug:\n\n* Previously, the nscd daemon did not properly reload modified data when\nthe user edited monitored nscd configuration files. As a consequence, nscd\nreturned stale data to system processes. This update adds a system of\ninotify-based monitoring and stat-based backup monitoring for nscd\nconfiguration files. As a result, nscd now detects changes to its\nconfiguration files and reloads the data properly, which prevents it from\nreturning stale data. (BZ#1194149)\n\nAll glibc users are advised to upgrade to these updated packages, which\ncontain backported patches to correct these issues.\n\n\n**Merged security bulletin from advisories:**\nhttp://lists.centos.org/pipermail/centos-announce/2015-April/021081.html\n\n**Affected packages:**\nglibc\nglibc-common\nglibc-devel\nglibc-headers\nglibc-static\nglibc-utils\nnscd\n\n**Upstream details at:**\nhttps://rhn.redhat.com/errata/RHSA-2015-0863.html", "published": "2015-04-21T13:07:39", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.centos.org/pipermail/centos-announce/2015-April/021081.html", "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2017-10-03T18:26:42"}], "gentoo": [{"id": "GLSA-201702-11", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library. Please review the CVE identifiers referenced below for details. \n\n### Impact\n\nA context-dependent attacker could possibly execute arbitrary code with the privileges of the process, disclose sensitive information, or cause a Denial of Service condition via multiple vectors. \n\n### Workaround\n\nThere is no known workaround at this time.\n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.23-r3\"", "published": "2017-02-19T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://security.gentoo.org/glsa/201702-11", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2016-3075", "CVE-2016-1234", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-9761"], "lastseen": "2017-02-19T12:59:58"}, {"id": "GLSA-201602-02", "type": "gentoo", "title": "GNU C Library: Multiple vulnerabilities", "description": "### Background\n\nThe GNU C library is the standard C library used by Gentoo Linux systems. \n\n### Description\n\nMultiple vulnerabilities have been discovered in the GNU C Library:\n\n * The Google Security Team and Red Hat discovered a stack-based buffer overflow in the send_dg() and send_vc() functions due to a buffer mismanagement when getaddrinfo() is called with AF_UNSPEC (CVE-2015-7547). \n * The strftime() function access invalid memory when passed out-of-range data, resulting in a crash (CVE-2015-8776). \n * An integer overflow was found in the __hcreate_r() function (CVE-2015-8778). \n * Multiple unbounded stack allocations were found in the catopen() function (CVE-2015-8779). \n\nPlease review the CVEs referenced below for additional vulnerabilities that had already been fixed in previous versions of sys-libs/glibc, for which we have not issued a GLSA before. \n\n### Impact\n\nA remote attacker could exploit any application which performs host name resolution using getaddrinfo() in order to execute arbitrary code or crash the application. The other vulnerabilities can possibly be exploited to cause a Denial of Service or leak information. \n\n### Workaround\n\nA number of mitigating factors for CVE-2015-7547 have been identified. Please review the upstream advisory and references below. \n\n### Resolution\n\nAll GNU C Library users should upgrade to the latest version:\n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=sys-libs/glibc-2.21-r2\"\n \n\nIt is important to ensure that no running process uses the old glibc anymore. The easiest way to achieve that is by rebooting the machine after updating the sys-libs/glibc package. \n\nNote: Should you run into compilation failures while updating, please see bug 574948.", "published": "2016-02-17T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://security.gentoo.org/glsa/201602-02", "cvelist": ["CVE-2015-8776", "CVE-2014-5119", "CVE-2014-6040", "CVE-2014-9402", "CVE-2014-8121", "CVE-2015-8779", "CVE-2015-8778", "CVE-2014-7817", "CVE-2015-1472", "CVE-2015-1781", "CVE-2013-7423", "CVE-2014-0475", "CVE-2015-7547"], "lastseen": "2016-09-06T19:46:03"}], "cloudfoundry": [{"id": "CFOUNDRY:82B2B1A060B1E750A31BFC919E90DD11", "type": "cloudfoundry", "title": "USN-2985-2 GNU C Library regression - Cloud Foundry", "description": "USN-2985-2 GNU C Library regression\n\n# \n\nMedium\n\n# Vendor\n\nGNU C, Canonical Ubuntu\n\n# Versions Affected\n\nUbuntu 14.04 LTS\n\n# Description\n\nUSN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for [CVE-2014-9761](<http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9761.html>) introduced a regression which affected applications that use the libm library but were not fully restarted after the upgrade. This update removes the fix for [CVE-2014-9761](<http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-9761.html>) and a future update will be provided to address this issue.\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not properly check permissions for tty files. A local attacker could use this to gain administrative privileges or expose sensitive information. ([CVE-2013-2207](<http://people.canonical.com/~ubuntu-security/cve/2013/CVE-2013-2207.html>), [CVE-2016-2856](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-2856.html>))\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not properly manage its file descriptors. An attacker could use this to cause a denial of service (infinite loop). ([CVE-2014-8121](<http://people.canonical.com/~ubuntu-security/cve/2014/CVE-2014-8121.html>))\n\nArjun Shankar discovered that in certain situations the nss_dns code in the GNU C Library did not properly account buffer sizes when passed an unaligned buffer. An attacker could use this to cause a denial of service or possibly execute arbitrary code. ([CVE-2015-1781](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-1781.html>))\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service Switch (NSS) implementation in the GNU C Library did not handle long lines in the files databases correctly. A local attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. ([CVE-2015-5277](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-5277.html>))\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did not properly handle out-of-range argument data. An attacker could use this to cause a denial of service (application crash) or possibly expose sensitive information. ([CVE-2015-8776](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8776.html>))\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed the pointer-guarding protection mechanism to be disabled by honoring the LD_POINTER_GUARD environment variable across privilege boundaries. A local attacker could use this to exploit an existing vulnerability more easily. ([CVE-2015-8777](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8777.html>))\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library did not properly check its size argument, leading to an integer overflow. An attacker could use to cause a denial of service (application crash) or possibly execute arbitrary code. ([CVE-2015-8778](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8778.html>))\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the catopen function in the GNU C Library when handling long catalog names. An attacker could use this to cause a denial of service (application crash) or possibly execute arbitrary code. ([CVE-2015-8779](<http://people.canonical.com/~ubuntu-security/cve/2015/CVE-2015-8779.html>))\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C Library did not properly handle long names passed as arguments. An attacker could use to cause a denial of service (stack exhaustion leading to an application crash). ([CVE-2016-3075](<http://people.canonical.com/~ubuntu-security/cve/2016/CVE-2016-3075.html>))\n\n# Affected Products and Versions\n\n_Severity is medium unless otherwise noted. \n_\n\n * All versions of Cloud Foundry cflinuxfs2 prior to v.1.63.0 \n\n# Mitigation\n\nUsers of affected versions should apply the following mitigation:\n\n * The Cloud Foundry project recommends that Cloud Foundry deployments run with cflinuxfs2 v.1.63.0 or later versions \n\n# References\n\n * <http://www.ubuntu.com/usn/usn-2985-1/>\n * <http://www.ubuntu.com/usn/usn-2985-2/>\n", "published": "2016-06-13T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.cloudfoundry.org/blog/usn-2985-2/", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2018-01-12T14:52:56"}], "ubuntu": [{"id": "USN-2985-1", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "description": "Martin Carpenter discovered that pt_chown in the GNU C Library did not \nproperly check permissions for tty files. A local attacker could use this \nto gain administrative privileges or expose sensitive information. \n([CVE-2013-2207](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2207>), [CVE-2016-2856](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2856>))\n\nRobin Hack discovered that the Name Service Switch (NSS) implementation in \nthe GNU C Library did not properly manage its file descriptors. An attacker \ncould use this to cause a denial of service (infinite loop). \n([CVE-2014-8121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8121>))\n\nJoseph Myers discovered that the GNU C Library did not properly handle long \narguments to functions returning a representation of Not a Number (NaN). An \nattacker could use this to cause a denial of service (stack exhaustion \nleading to an application crash) or possibly execute arbitrary code. \n([CVE-2014-9761](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9761>))\n\nArjun Shankar discovered that in certain situations the nss_dns code in the \nGNU C Library did not properly account buffer sizes when passed an \nunaligned buffer. An attacker could use this to cause a denial of service \nor possibly execute arbitrary code. ([CVE-2015-1781](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1781>))\n\nSumit Bose and Lukas Slebodnik discovered that the Name Service \nSwitch (NSS) implementation in the GNU C Library did not handle long \nlines in the files databases correctly. A local attacker could use \nthis to cause a denial of service (application crash) or possibly \nexecute arbitrary code. ([CVE-2015-5277](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5277>))\n\nAdam Nielsen discovered that the strftime function in the GNU C Library did \nnot properly handle out-of-range argument data. An attacker could use this \nto cause a denial of service (application crash) or possibly expose \nsensitive information. ([CVE-2015-8776](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8776>))\n\nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed \nthe pointer-guarding protection mechanism to be disabled by honoring the \nLD_POINTER_GUARD environment variable across privilege boundaries. A local \nattacker could use this to exploit an existing vulnerability more easily. \n([CVE-2015-8777](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8777>))\n\nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library \ndid not properly check its size argument, leading to an integer overflow. \nAn attacker could use to cause a denial of service (application crash) or \npossibly execute arbitrary code. ([CVE-2015-8778](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8778>))\n\nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the \ncatopen function in the GNU C Library when handling long catalog names. An \nattacker could use this to cause a denial of service (application crash) or \npossibly execute arbitrary code. ([CVE-2015-8779](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8779>))\n\nFlorian Weimer discovered that the getnetbyname implementation in the GNU C \nLibrary did not properly handle long names passed as arguments. An attacker \ncould use to cause a denial of service (stack exhaustion leading to an \napplication crash). ([CVE-2016-3075](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3075>))", "published": "2016-05-25T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/usn/usn-2985-1/", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2017-08-09T19:12:19"}, {"id": "USN-2985-2", "type": "ubuntu", "title": "GNU C Library regression", "description": "USN-2985-1 fixed vulnerabilities in the GNU C Library. The fix for \n[CVE-2014-9761](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9761>) introduced a regression which affected applications that \nuse the libm library but were not fully restarted after the upgrade. \nThis update removes the fix for [CVE-2014-9761](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9761>) and a future update \nwill be provided to address this issue.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\nMartin Carpenter discovered that pt_chown in the GNU C Library did not \nproperly check permissions for tty files. A local attacker could use this \nto gain administrative privileges or expose sensitive information. \n([CVE-2013-2207](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-2207>), [CVE-2016-2856](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-2856>)) \n \nRobin Hack discovered that the Name Service Switch (NSS) implementation in \nthe GNU C Library did not properly manage its file descriptors. An attacker \ncould use this to cause a denial of service (infinite loop). \n([CVE-2014-8121](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-8121>)) \n \nJoseph Myers discovered that the GNU C Library did not properly handle long \narguments to functions returning a representation of Not a Number (NaN). An \nattacker could use this to cause a denial of service (stack exhaustion \nleading to an application crash) or possibly execute arbitrary code. \n([CVE-2014-9761](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9761>)) \n \nArjun Shankar discovered that in certain situations the nss_dns code in the \nGNU C Library did not properly account buffer sizes when passed an \nunaligned buffer. An attacker could use this to cause a denial of service \nor possibly execute arbitrary code. ([CVE-2015-1781](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1781>)) \n \nSumit Bose and Lukas Slebodnik discovered that the Name Service \nSwitch (NSS) implementation in the GNU C Library did not handle long \nlines in the files databases correctly. A local attacker could use \nthis to cause a denial of service (application crash) or possibly \nexecute arbitrary code. ([CVE-2015-5277](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-5277>)) \n \nAdam Nielsen discovered that the strftime function in the GNU C Library did \nnot properly handle out-of-range argument data. An attacker could use this \nto cause a denial of service (application crash) or possibly expose \nsensitive information. ([CVE-2015-8776](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8776>)) \n \nHector Marco and Ismael Ripoll discovered that the GNU C Library allowed \nthe pointer-guarding protection mechanism to be disabled by honoring the \nLD_POINTER_GUARD environment variable across privilege boundaries. A local \nattacker could use this to exploit an existing vulnerability more easily. \n([CVE-2015-8777](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8777>)) \n \nSzabolcs Nagy discovered that the hcreate functions in the GNU C Library \ndid not properly check its size argument, leading to an integer overflow. \nAn attacker could use to cause a denial of service (application crash) or \npossibly execute arbitrary code. ([CVE-2015-8778](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8778>)) \n \nMaksymilian Arciemowicz discovered a stack-based buffer overflow in the \ncatopen function in the GNU C Library when handling long catalog names. An \nattacker could use this to cause a denial of service (application crash) or \npossibly execute arbitrary code. ([CVE-2015-8779](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8779>)) \n \nFlorian Weimer discovered that the getnetbyname implementation in the GNU C \nLibrary did not properly handle long names passed as arguments. An attacker \ncould use to cause a denial of service (stack exhaustion leading to an \napplication crash). ([CVE-2016-3075](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-3075>))", "published": "2016-05-26T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://usn.ubuntu.com/usn/usn-2985-2/", "cvelist": ["CVE-2015-8776", "CVE-2015-5277", "CVE-2014-8121", "CVE-2016-3075", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2016-2856", "CVE-2014-9761", "CVE-2015-1781"], "lastseen": "2017-08-09T19:13:30"}, {"id": "USN-2519-1", "type": "ubuntu", "title": "GNU C Library vulnerabilities", "description": "Arnaud Le Blanc discovered that the GNU C Library incorrectly handled file \ndescriptors when resolving DNS queries under high load. This may cause a \ndenial of service in other applications, or an information leak. This issue \nonly affected Ubuntu 10.04 LTS, Ubuntu 12.04 LTS and Ubuntu 14.04 LTS. \n([CVE-2013-7423](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2013-7423>))\n\nIt was discovered that the GNU C Library incorrectly handled receiving a \npositive answer while processing the network name when performing DNS \nresolution. A remote attacker could use this issue to cause the GNU C \nLibrary to hang, resulting in a denial of service. ([CVE-2014-9402](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2014-9402>))\n\nJoseph Myers discovered that the GNU C Library wscanf function incorrectly \nhandled memory. A remote attacker could possibly use this issue to cause \nthe GNU C Library to crash, resulting in a denial of service, or possibly \nexecute arbitrary code. This issue only affected Ubuntu 12.04 LTS, Ubuntu \n14.04 LTS and Ubuntu 14.10. ([CVE-2015-1472](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1472>), [CVE-2015-1473](<http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-1473>))", "published": "2015-02-26T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "https://usn.ubuntu.com/usn/usn-2519-1/", "cvelist": ["CVE-2014-9402", "CVE-2015-1473", "CVE-2015-1472", "CVE-2013-7423"], "lastseen": "2017-08-09T19:14:42"}], "archlinux": [{"id": "ASA-201502-8", "type": "archlinux", "title": "glibc: multiple issues", "description": "glibc has multiple issues including heap- and stack overflows that could be\nexploitable. The heap- and stack-overflow is possible in the swscanf function.", "published": "2015-02-09T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-February/000231.html", "cvelist": ["CVE-2015-1473", "CVE-2015-1472"], "lastseen": "2016-09-02T18:44:41"}, {"id": "ASA-201504-25", "type": "archlinux", "title": "glibc: arbitrary code execution", "description": "A buffer overflow in gethostbyname_r() and related functions performing\nDNS requests has been fixed. If the NSS functions were called with a\nmisaligned buffer, the buffer length change due to pointer alignment was\nnot taken into account. This could result in application crashes or\npotentially arbitrary code execution using crafted but syntactically\nvalid DNS responses.", "published": "2015-04-23T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://lists.archlinux.org/pipermail/arch-security/2015-April/000305.html", "cvelist": ["CVE-2015-1781"], "lastseen": "2016-09-02T18:44:35"}], "debian": [{"id": "DSA-3169", "type": "debian", "title": "eglibc -- security update", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library:\n\n * [CVE-2012-3406](<https://security-tracker.debian.org/tracker/CVE-2012-3406>)\n\nThe vfprintf function in stdio-common/vfprintf.c in GNU C Library (aka glibc) 2.5, 2.12, and probably other versions does not properly restrict the use of the alloca function when allocating the SPECS array, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string using positional parameters and a large number of format specifiers, a different vulnerability than [CVE-2012-3404](<https://security-tracker.debian.org/tracker/CVE-2012-3404>) and [CVE-2012-3405](<https://security-tracker.debian.org/tracker/CVE-2012-3405>).\n\n * [CVE-2013-7424](<https://security-tracker.debian.org/tracker/CVE-2013-7424>)\n\nAn invalid free flaw was found in glibc's getaddrinfo() function when used with the AI_IDN flag. A remote attacker able to make an application call this function could use this flaw to execute arbitrary code with the permissions of the user running the application. Note that this flaw only affected applications using glibc compiled with libidn support.\n\n * [CVE-2014-4043](<https://security-tracker.debian.org/tracker/CVE-2014-4043>)\n\nThe posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.\n\n * [CVE-2014-9402](<https://security-tracker.debian.org/tracker/CVE-2014-9402>)\n\nThe getnetbyname function in glibc 2.21 or earlier will enter an infinite loop if the DNS backend is activated in the system Name Service Switch configuration, and the DNS resolver receives a positive answer while processing the network name.\n\n * [CVE-2015-1472](<https://security-tracker.debian.org/tracker/CVE-2015-1472>) / [CVE-2015-1473](<https://security-tracker.debian.org/tracker/CVE-2015-1473>)\n\nUnder certain conditions wscanf can allocate too little memory for the to-be-scanned arguments and overflow the allocated buffer. The incorrect use of \"__libc_use_alloca (newsize)\" caused a different (and weaker) policy to be enforced which could allow a denial of service attack.\n\nFor the stable distribution (wheezy), these issues are fixed in version 2.13-38+deb7u8 of the eglibc package.\n\nFor the unstable distribution (sid), all the above issues are fixed in version 2.19-15 of the glibc package.\n\nWe recommend that you upgrade your eglibc packages.", "published": "2015-02-23T00:00:00", "cvss": {"score": 7.8, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:NONE/A:COMPLETE/"}, "href": "http://www.debian.org/security/dsa-3169", "cvelist": ["CVE-2014-4043", "CVE-2014-9402", "CVE-2015-1473", "CVE-2015-1472", "CVE-2012-3406", "CVE-2013-7424"], "lastseen": "2016-09-02T18:29:50"}, {"id": "DLA-165", "type": "debian", "title": "eglibc -- LTS security update", "description": "Several vulnerabilities have been fixed in eglibc, Debian's version of the GNU C library.\n\n * #553206, [CVE-2015-1472](<https://security-tracker.debian.org/tracker/CVE-2015-1472>), [CVE-2015-1473](<https://security-tracker.debian.org/tracker/CVE-2015-1473>)\n\nThe scanf family of functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\n * [CVE-2012-3405](<https://security-tracker.debian.org/tracker/CVE-2012-3405>)\n\nThe printf family of functions do not properly calculate a buffer length, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service.\n\n * [CVE-2012-3406](<https://security-tracker.debian.org/tracker/CVE-2012-3406>)\n\nThe printf family of functions do not properly limit stack allocation, which allows context-dependent attackers to bypass the FORTIFY_SOURCE format-string protection mechanism and cause a denial of service (crash) or possibly execute arbitrary code via a crafted format string.\n\n * [CVE-2012-3480](<https://security-tracker.debian.org/tracker/CVE-2012-3480>)\n\nMultiple integer overflows in the strtod, strtof, strtold, strtod_l, and other related functions allow local users to cause a denial of service (application crash) and possibly execute arbitrary code via a long string, which triggers a stack-based buffer overflow.\n\n * [CVE-2012-4412](<https://security-tracker.debian.org/tracker/CVE-2012-4412>)\n\nInteger overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string, which triggers a heap-based buffer overflow.\n\n * [CVE-2012-4424](<https://security-tracker.debian.org/tracker/CVE-2012-4424>)\n\nStack-based buffer overflow in the strcoll and wcscoll functions allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long string that triggers a malloc failure and use of the alloca function.\n\n * [CVE-2013-0242](<https://security-tracker.debian.org/tracker/CVE-2013-0242>)\n\nBuffer overflow in the extend_buffers function in the regular expression matcher allows context-dependent attackers to cause a denial of service (memory corruption and crash) via crafted multibyte characters.\n\n * [CVE-2013-1914](<https://security-tracker.debian.org/tracker/CVE-2013-1914>), [CVE-2013-4458](<https://security-tracker.debian.org/tracker/CVE-2013-4458>)\n\nStack-based buffer overflow in the getaddrinfo function allows remote attackers to cause a denial of service (crash) via a hostname or IP address that triggers a large number of domain conversion results.\n\n * [CVE-2013-4237](<https://security-tracker.debian.org/tracker/CVE-2013-4237>)\n\nreaddir_r allows context-dependent attackers to cause a denial of service (out-of-bounds write and crash) or possibly execute arbitrary code via a malicious NTFS image or CIFS service.\n\n * [CVE-2013-4332](<https://security-tracker.debian.org/tracker/CVE-2013-4332>)\n\nMultiple integer overflows in malloc/malloc.c allow context-dependent attackers to cause a denial of service (heap corruption) via a large value to the pvalloc, valloc, posix_memalign, memalign, or aligned_alloc functions.\n\n * [CVE-2013-4357](<https://security-tracker.debian.org/tracker/CVE-2013-4357>)\n\nThe getaliasbyname, getaliasbyname_r, getaddrinfo, getservbyname, getservbyname_r, getservbyport, getservbyport_r, and glob functions do not properly limit stack allocation, which allows context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\n * [CVE-2013-4788](<https://security-tracker.debian.org/tracker/CVE-2013-4788>)\n\nWhen the GNU C library is statically linked into an executable, the PTR_MANGLE implementation does not initialize the random value for the pointer guard, so that various hardening mechanisms are not effective.\n\n * [CVE-2013-7423](<https://security-tracker.debian.org/tracker/CVE-2013-7423>)\n\nThe send_dg function in resolv/res_send.c does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of requests that trigger a call to the getaddrinfo function.\n\n * [CVE-2013-7424](<https://security-tracker.debian.org/tracker/CVE-2013-7424>)\n\nThe getaddrinfo function may attempt to free an invalid pointer when handling IDNs (Internationalised Domain Names), which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code.\n\n * [CVE-2014-4043](<https://security-tracker.debian.org/tracker/CVE-2014-4043>)\n\nThe posix_spawn_file_actions_addopen function does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-after-free vulnerabilities.\n\nFor the oldstable distribution (squeeze), these problems have been fixed in version 2.11.3-4+deb6u5.\n\nFor the stable distribution (wheezy), these problems were fixed in version 2.13-38+deb7u8 or earlier.", "published": "2015-03-06T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-165", "cvelist": ["CVE-2013-0242", "CVE-2014-4043", "CVE-2013-4788", "CVE-2012-3405", "CVE-2012-4412", "CVE-2012-4424", "CVE-2013-4357", "CVE-2013-4332", "CVE-2012-3480", "CVE-2013-1914", "CVE-2013-4458", "CVE-2015-1473", "CVE-2015-1472", "CVE-2013-4237", "CVE-2013-7423", "CVE-2012-3406", "CVE-2013-7424"], "lastseen": "2016-09-02T12:57:02"}, {"id": "DLA-230", "type": "debian", "title": "eglibc -- LTS security update", "description": "Arjun Shankar of Red Hat discovered that gethostbyname_r and related functions compute the size of an input buffer incorrectly if the passed-in buffer is misaligned. This results in a buffer overflow.\n\nFor the oldoldstable distribution (squeeze), this problem has been fixed in version 2.11.3-4+deb6u6.", "published": "2015-05-27T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/2015/dla-230", "cvelist": ["CVE-2015-1781"], "lastseen": "2016-09-02T12:56:44"}, {"id": "DSA-3480", "type": "debian", "title": "eglibc -- security update", "description": "Several vulnerabilities have been fixed in the GNU C Library, eglibc.\n\nThe [CVE-2015-7547](<https://security-tracker.debian.org/tracker/CVE-2015-7547>) vulnerability listed below is considered to have critical impact.\n\n * [CVE-2014-8121](<https://security-tracker.debian.org/tracker/CVE-2014-8121>)\n\nRobin Hack discovered that the nss_files database did not correctly implement enumeration interleaved with name-based or ID-based lookups. This could cause the enumeration enter an endless loop, leading to a denial of service.\n\n * [CVE-2015-1781](<https://security-tracker.debian.org/tracker/CVE-2015-1781>)\n\nArjun Shankar discovered that the _r variants of host name resolution functions (like gethostbyname_r), when performing DNS name resolution, suffered from a buffer overflow if a misaligned buffer was supplied by the applications, leading to a crash or, potentially, arbitrary code execution. Most applications are not affected by this vulnerability because they use aligned buffers.\n\n * [CVE-2015-7547](<https://security-tracker.debian.org/tracker/CVE-2015-7547>)\n\nThe Google Security Team and Red Hat discovered that the eglibc host name resolver function, getaddrinfo, when processing AF_UNSPEC queries (for dual A/AAAA lookups), could mismanage its internal buffers, leading to a stack-based buffer overflow and arbitrary code execution. This vulnerability affects most applications which perform host name resolution using getaddrinfo, including system services.\n\n * [CVE-2015-8776](<https://security-tracker.debian.org/tracker/CVE-2015-8776>)\n\nAdam Nielsen discovered that if an invalid separated time value is passed to strftime, the strftime function could crash or leak information. Applications normally pass only valid time information to strftime; no affected applications are known.\n\n * [CVE-2015-8777](<https://security-tracker.debian.org/tracker/CVE-2015-8777>)\n\nHector Marco-Gisbert reported that LD_POINTER_GUARD was not ignored for SUID programs, enabling an unintended bypass of a security feature. This update causes eglibc to always ignore the LD_POINTER_GUARD environment variable.\n\n * [CVE-2015-8778](<https://security-tracker.debian.org/tracker/CVE-2015-8778>)\n\nSzabolcs Nagy reported that the rarely-used hcreate and hcreate_r functions did not check the size argument properly, leading to a crash (denial of service) for certain arguments. No impacted applications are known at this time.\n\n * [CVE-2015-8779](<https://security-tracker.debian.org/tracker/CVE-2015-8779>)\n\nThe catopen function contains several unbound stack allocations (stack overflows), causing it the crash the process (denial of service). No applications where this issue has a security impact are currently known.\n\nThe following fixed vulnerabilities currently lack CVE assignment:\n\n * Joseph Myers reported that an integer overflow in the strxfrm can lead to heap-based buffer overflow, possibly allowing arbitrary code execution. In addition, a fallback path in strxfrm uses an unbounded stack allocation (stack overflow), leading to a crash or erroneous application behavior.\n\n * Kostya Serebryany reported that the fnmatch function could skip over the terminating NUL character of a malformed pattern, causing an application calling fnmatch to crash (denial of service).\n\n * Joseph Myers reported that the IO_wstr_overflow function, internally used by wide-oriented character streams, suffered from an integer overflow, leading to a heap-based buffer overflow. On GNU/Linux systems, wide-oriented character streams are rarely used, and no affected applications are known.\n\n * Andreas Schwab reported a memory leak (memory allocation without a matching deallocation) while processing certain DNS answers in getaddrinfo, related to the _nss_dns_gethostbyname4_r function. This vulnerability could lead to a denial of service.\n\nWhile it is only necessary to ensure that all processes are not using the old eglibc anymore, it is recommended to reboot the machines after applying the security upgrade.\n\nFor the oldstable distribution (wheezy), these problems have been fixed in version 2.13-38+deb7u10.\n\nWe recommend that you upgrade your eglibc packages.", "published": "2016-02-16T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://www.debian.org/security/dsa-3480", "cvelist": ["CVE-2015-8776", "CVE-2014-8121", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2015-1781", "CVE-2015-7547"], "lastseen": "2017-10-05T13:13:55"}], "f5": [{"id": "SOL16366", "type": "f5", "title": "SOL16366 - GNU C Library (glibc) vulnerability CVE-2015-1472", "description": "Recommended Action\n\nNone\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-04-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/300/sol16366.html", "cvelist": ["CVE-2015-1472"], "lastseen": "2016-09-26T17:23:09"}, {"id": "SOL16865", "type": "f5", "title": "SOL16865 - GNU C Library (glibc) vulnerability CVE-2015-1781", "description": "**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*Although the BIG-IP, BIG-IQ, and Enterprise Manager software contains the vulnerable code, BIG-IP, BIG-IQ, and Enterprise Manager do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local access to BIG-IP, BIG-IQ, Enterprise Manager to upload a custom binary in order to trigger an exploit that the attacker can then crash the application or run arbitrary code. Therefore, F5 Product Development considers this vulnerability as Not Vulnerable in a standard configuration and Low Severity if management access to BIG-IP, BIG-IQ, and Enterprise Manager is not adequately protected; for example over a secure network. \n\n\nRecommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users.\n\nFor more information about securing access to BIG-IP and Enterprise Manager systems, refer to SOL13309: Restricting access to the Configuration utility by source IP address (11.x) and SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-07-08T00:00:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16865.html", "cvelist": ["CVE-2015-1781"], "lastseen": "2016-09-26T17:23:29"}, {"id": "F5:K16865", "type": "f5", "title": "GNU C Library (glibc) vulnerability CVE-2015-1781", "description": "\nF5 Product Development has assigned ID 521568 (BIG-IP, BIG-IQ and Enterprise Manager) and ID 476571 (ARX) to this vulnerability, and has evaluated the currently supported releases for potential vulnerability. Additionally, [BIG-IP iHealth](<http://www.f5.com/support/support-tools/big-ip-ihealth/>) may list Heuristic H16865 on the **Diagnostics** &gt; **Identified** &gt; **Low** screen.\n\nTo determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the vulnerability, refer to the following table:\n\nProduct| Versions known to be vulnerable| Versions known to be not vulnerable| Severity| Vulnerable component or feature \n---|---|---|---|--- \nBIG-IP LTM| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP AAM| 11.4.0 - 11.6.0*| None| Low| glibc \nBIG-IP AFM| 11.3.0 - 11.6.0*| None| Low| glibc \nBIG-IP Analytics| 11.0.0 - 11.6.0*| None| Low| glibc \nBIG-IP APM| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP ASM| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP Edge Gateway| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP GTM| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP Link Controller| 11.0.0 - 11.6.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP PEM| 11.3.0 - 11.6.0*| None| Low| glibc \nBIG-IP PSM| 11.0.0 - 11.4.1* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP WebAccelerator| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nBIG-IP WOM| 11.0.0 - 11.3.0* \n10.1.0 - 10.2.4*| None| Low| glibc \nARX| 6.0.0 - 6.4.0| None| Medium| glibc \nEnterprise Manager| 3.0.0 - 3.1.1*| None| Low| glibc \nFirePass| None| 7.0.0 \n6.1.0| Not vulnerable| None \nBIG-IQ Cloud| 4.0.0 - 4.5.0*| None| Low| glibc \nBIG-IQ Device| 4.2.0 - 4.5.0*| None| Low| glibc \nBIG-IQ Security| 4.0.0 - 4.5.0*| None| Low| glibc \nBIG-IQ ADC| 4.5.0*| None| Low| glibc \nLineRate| None| 2.5.0 - 2.6.0| Not vulnerable| None \nF5 WebSafe| None| 1.0.0| Not vulnerable| None \nTraffix SDC| 4.0.0 - 4.4.0 \n3.3.2 - 3.5.1| None| Low| glibc \n \n**Note**: As of February 17, 2015, AskF5 Security Advisory articles include the Severity value. Security Advisory articles published before this date do not list a Severity value.\n\n*Although the BIG-IP, BIG-IQ, and Enterprise Manager software contains the vulnerable code, BIG-IP, BIG-IQ, and Enterprise Manager do not use the vulnerable code in a way that exposes the vulnerability in a standard configuration. An attacker must have local access to BIG-IP, BIG-IQ, Enterprise Manager to upload a custom binary in order to trigger an exploit that the attacker can then crash the application or run arbitrary code. Therefore, F5 Product Development considers this vulnerability as Not Vulnerable in a standard configuration and Low Severity if management access to BIG-IP, BIG-IQ, and Enterprise Manager is not adequately protected; for example over a secure network.\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nTo mitigate this vulnerability, you should only permit management access to F5 products over a secure network and limit shell access to trusted users.\n\nFor more information about securing access to BIG-IP and Enterprise Manager systems, refer to [K13309: Restricting access to the Configuration utility by source IP address (11.x)](<https://support.f5.com/csp/article/K13309>) and [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2015-07-08T23:20:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://support.f5.com/csp/article/K16865", "cvelist": ["CVE-2015-1781"], "lastseen": "2017-06-08T06:18:17"}, {"id": "F5:K16841", "type": "f5", "title": "GNU C Library (glibc) vulnerability CVE-2013-7423", "description": " \n\n\nThe send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended locations via a large number of request that trigger a call to the getaddrinfo function. ([CVE-2013-7423](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-7423>))\n\nImpact \n\n\nThis vulnerability can only be exploited in F5 products by locally authenticated users. An attacker may be able to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. No remote vulnerabilities are known. \n\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>).\n\nYou should permit access to F5 products only over a secure network and limit login access to trusted users. For more information, refer to [K13092: Overview of securing access to the BIG-IP system](<https://support.f5.com/csp/article/K13092>).\n\n * [K9970: Subscribing to email notifications regarding F5 products](<https://support.f5.com/csp/article/K9970>)\n * [K9957: Creating a custom RSS feed to view new and updated documents](<https://support.f5.com/csp/article/K9957>)\n * [K4602: Overview of the F5 security vulnerability response policy](<https://support.f5.com/csp/article/K4602>)\n * [K4918: Overview of the F5 critical issue hotfix policy](<https://support.f5.com/csp/article/K4918>)\n", "published": "2015-07-02T21:32:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://support.f5.com/csp/article/K16841", "cvelist": ["CVE-2013-7423"], "lastseen": "2017-10-12T02:11:21"}, {"id": "SOL16841", "type": "f5", "title": "SOL16841 - GNU C Library (glibc) vulnerability CVE-2013-7423", "description": "Recommended Action\n\nIf the previous table lists a version in the **Versions known to be not vulnerable** column, you can eliminate this vulnerability by upgrading to the listed version. If the listed version is older than the version you are currently running, or if the table does not list any version in the column, then no upgrade candidate currently exists.\n\nF5 responds to vulnerabilities in accordance with the Severity values published in the previous table. The Severity values and other security vulnerability parameters are defined in SOL4602: Overview of the F5 security vulnerability response policy.\n\nYou should permit access to F5 products only over a secure network and limit login access to trusted users. For more information, refer to SOL13092: Overview of securing access to the BIG-IP system.\n\nSupplemental Information\n\n * SOL9970: Subscribing to email notifications regarding F5 products\n * SOL9957: Creating a custom RSS feed to view new and updated documents\n * SOL4602: Overview of the F5 security vulnerability response policy\n * SOL4918: Overview of the F5 critical issue hotfix policy\n", "published": "2015-07-02T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://support.f5.com/kb/en-us/solutions/public/16000/800/sol16841.html", "cvelist": ["CVE-2013-7423"], "lastseen": "2016-09-26T17:23:23"}], "amazon": [{"id": "ALAS-2015-513", "type": "amazon", "title": "Medium: glibc", "description": "**Issue Overview:**\n\nA buffer overflow flaw was found in the way glibc's gethostbyname_r() and other related functions computed the size of a buffer when passed a misaligned buffer as input. An attacker able to make an application call any of these functions with a misaligned buffer could use this flaw to crash the application or, potentially, execute arbitrary code with the permissions of the user running the application. ([CVE-2015-1781 __](<https://access.redhat.com/security/cve/CVE-2015-1781>))\n\nIt was discovered that, under certain circumstances, glibc's getaddrinfo() function would send DNS queries to random file descriptors. An attacker could potentially use this flaw to send DNS queries to unintended recipients, resulting in information disclosure or data loss due to the application encountering corrupted data. ([CVE-2013-7423 __](<https://access.redhat.com/security/cve/CVE-2013-7423>))\n\n \n**Affected Packages:** \n\n\nglibc\n\n \n**Issue Correction:** \nRun _yum update glibc_ to update your system. \n\n \n**New Packages:**\n \n \n i686: \n glibc-devel-2.17-55.142.amzn1.i686 \n glibc-utils-2.17-55.142.amzn1.i686 \n glibc-2.17-55.142.amzn1.i686 \n glibc-common-2.17-55.142.amzn1.i686 \n nscd-2.17-55.142.amzn1.i686 \n glibc-headers-2.17-55.142.amzn1.i686 \n glibc-debuginfo-2.17-55.142.amzn1.i686 \n glibc-static-2.17-55.142.amzn1.i686 \n glibc-debuginfo-common-2.17-55.142.amzn1.i686 \n \n src: \n glibc-2.17-55.142.amzn1.src \n \n x86_64: \n nscd-2.17-55.142.amzn1.x86_64 \n glibc-common-2.17-55.142.amzn1.x86_64 \n glibc-2.17-55.142.amzn1.x86_64 \n glibc-utils-2.17-55.142.amzn1.x86_64 \n glibc-debuginfo-2.17-55.142.amzn1.x86_64 \n glibc-headers-2.17-55.142.amzn1.x86_64 \n glibc-static-2.17-55.142.amzn1.x86_64 \n glibc-debuginfo-common-2.17-55.142.amzn1.x86_64 \n glibc-devel-2.17-55.142.amzn1.x86_64 \n \n \n", "published": "2015-04-22T16:12:00", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://alas.aws.amazon.com/ALAS-2015-513.html", "cvelist": ["CVE-2015-1781", "CVE-2013-7423"], "lastseen": "2016-09-28T21:04:10"}], "suse": [{"id": "SUSE-SU-2015:1424-1", "type": "suse", "title": "Security update for glibc (important)", "description": "This update for glibc provides fixes for security and non-security issues.\n\n These security issues have been fixed:\n\n - CVE-2015-1781: Buffer length after padding in resolv/nss_dns/dns-host.c.\n (bsc#927080)\n - CVE-2013-2207: pt_chown did not properly check permissions for tty\n files, which allowed local users to change the permission on the files\n and obtain access to arbitrary pseudo-terminals by leveraging a FUSE\n file system. (bsc#830257)\n - CVE-2014-8121: DB_LOOKUP in the Name Service Switch (NSS) did not\n properly check if a file is open, which allowed remote attackers to\n cause a denial of service (infinite loop) by performing a look-up while\n the database is iterated over the database, which triggers the file\n pointer to be reset. (bsc#918187)\n - Fix read past end of pattern in fnmatch. (bsc#920338)\n\n These non-security issues have been fixed:\n\n - Fix locking in _IO_flush_all_lockp() to prevent deadlocks in\n applications. (bsc#851280)\n - Record TTL also for DNS PTR queries. (bsc#928723)\n - Fix invalid free in ld.so. (bsc#932059)\n - Make PowerPC64 default to non-executable stack. (bsc#933770)\n - Fix floating point exceptions in some circumstances with exp() and\n friends. (bsc#933903)\n - Fix bad TEXTREL in glibc.i686. (bsc#935286)\n\n", "published": "2015-08-21T18:10:09", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2015-08/msg00019.html", "cvelist": ["CVE-2014-8121", "CVE-2013-2207", "CVE-2015-1781"], "lastseen": "2016-09-04T11:51:33"}, {"id": "SUSE-SU-2016:0470-1", "type": "suse", "title": "Security update for glibc (important)", "description": "This update for glibc fixes the following issues:\n\n - CVE-2015-7547: A stack-based buffer overflow in getaddrinfo allowed\n remote attackers to cause a crash or execute arbitrary code via crafted\n and timed DNS responses (bsc#961721)\n - CVE-2015-8777: Insufficient checking of LD_POINTER_GUARD environment\n variable allowed local attackers to bypass the pointer guarding\n protection of the dynamic loader on set-user-ID and set-group-ID\n programs (bsc#950944)\n - CVE-2015-8776: Out-of-range time values passed to the strftime function\n may cause it to crash, leading to a denial of service, or potentially\n disclosure information (bsc#962736)\n - CVE-2015-8778: Integer overflow in hcreate and hcreate_r could have\n caused an out-of-bound memory access. leading to application crashes or,\n potentially, arbitrary code execution (bsc#962737)\n - CVE-2014-9761: A stack overflow (unbounded alloca) could have caused\n applications which process long strings with the nan function to crash\n or, potentially, execute arbitrary code. (bsc#962738)\n - CVE-2015-8779: A stack overflow (unbounded alloca) in the catopen\n function could have caused applications which pass long strings to the\n catopen function to crash or, potentially execute arbitrary code.\n (bsc#962739)\n - CVE-2013-2207: pt_chown tricked into granting access to another users\n pseudo-terminal (bsc#830257)\n - CVE-2013-4458: Stack (frame) overflow in getaddrinfo() when called with\n AF_INET6 (bsc#847227)\n - CVE-2014-8121: denial of service issue in the NSS backends (bsc#918187)\n - bsc#920338: Read past end of pattern in fnmatch\n - CVE-2015-1781: buffer overflow in nss_dns (bsc#927080)\n\n The following non-security bugs were fixed:\n\n - bnc#892065: SIGSEV tst-setlocale3 in glibc-2.11.3-17.68.1\n - bnc#863499: Memory leak in getaddrinfo when many RRs are returned\n - bsc#892065: Avoid unbound alloca in setenv\n - bsc#945779: Properly reread entry after failure in nss_files getent\n function\n\n", "published": "2016-02-16T20:15:44", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://lists.opensuse.org/opensuse-security-announce/2016-02/msg00036.html", "cvelist": ["CVE-2015-8776", "CVE-2014-8121", "CVE-2015-8777", "CVE-2015-8779", "CVE-2015-8778", "CVE-2013-2207", "CVE-2013-4458", "CVE-2014-9761", "CVE-2015-1781", "CVE-2015-7547"], "lastseen": "2016-09-04T11:46:33"}]}}